Why is this CIS Control critical?

Deficiencies in security logging and analysis allow attackers to hide their location, malicious software, and activities on victim machines. Even if the victims know that their systems have been compromised, without protected and complete logging records they are blind to the details of the attack and to subsequent actions taken by the attackers. Without solid audit logs, an attack may go unnoticed indefinitely and the particular damages done may be irreversible.

Sometimes logging records are the only evidence of a successful attack. Many organizations keep audit records for compliance purposes, but attackers rely on the fact that such organizations rarely look at the audit logs, and they do not know that their systems have been compromised. Because of poor or nonexistent log analysis processes, attackers sometimes control victim machines for months or years without anyone in the target organization knowing, even though the evidence of the attack has been recorded in unexamined log files.

Main Points:

Ensure that local logging has been enabled on all systems and networking devices.

Ensure that appropriate logs are being aggregated to a central log management system for analysis and review.

The information we track while users are on our website is incorporated into improved services and analysis of our site’s performance and traffic; this may be combined with other information that you have provided. To learn more please see our Privacy Policy.